From owner-freebsd-security Fri Jun 21 11:57:41 2002 Delivered-To: freebsd-security@freebsd.org Received: from musique.teaser.net (musique.teaser.net [213.91.2.11]) by hub.freebsd.org (Postfix) with ESMTP id C771637B40B for ; Fri, 21 Jun 2002 11:57:31 -0700 (PDT) Received: from roadrunner.rominet.net (ATuileries-109-1-2-231.abo.wanadoo.fr [80.13.122.231]) by musique.teaser.net (Postfix) with ESMTP id 8C94972524 for ; Fri, 21 Jun 2002 20:57:30 +0200 (CEST) Received: by roadrunner.rominet.net (Postfix, from userid 1000) id 932028162; Fri, 21 Jun 2002 20:57:29 +0200 (CEST) Date: Fri, 21 Jun 2002 20:57:29 +0200 From: Alain Thivillon To: freebsd-security@FreeBSD.ORG Subject: Re: Apache root exploitable? Message-ID: <20020621185729.GG9492@roadrunner.rominet.net> References: <20020620201509.GC56227@madman.nectar.cc> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.24i X-Organization: Rominet Networks Inc. X-Operating-System: FreeBSD 4.6-RC Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > It isn't a very serious DoS though. My first try on FreeBSD 4.x with chunk size = 80000000 put httpd child in an endless loop. 10 or 20 requests will probably result in an unusable system (loop continues after client connection is closed). -- Nom d'un chat de nom d'un chat ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message